Securing of a telecommunication device equipped with a near-field communication module

ABSTRACT

A telecommunication device including a battery capable of providing a first power supply voltage to circuits of the device, among which at least one security module; a near-field communication module capable of providing a second power supply voltage to the security module; and a circuit for activating the provision of the second power supply voltage, including a switch controllable at least by one element accessible from outside of the device.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a U.S. National Stage patent application based onInternational patent application number PCT/EP2011/064643, filed on Aug.25, 2011, which application claims the priority benefit of French patentapplication number 10/56913, filed on Aug. 31, 2010, which applicationsare hereby incorporated by reference to the maximum extent allowable bylaw which is hereby incorporated by reference to the maximum extentallowable by law.

BACKGROUND

1. Technical Field

The present disclosure generally relates to mobile telecommunicationdevices equipped with a near field communication circuit (NFC).

2. Discussion of the Related Art

Cell phones are more and more often equipped with a near fieldcommunication interface, which enables combining electromagnetictransponder functions with mobile telephony functions. In particular,this adds contactless card type electromagnetic transponder emulationfunctions to the mobile telecommunication device, of personal digitalassistant, cell phone, smartphone, or other type. This enriches thefeatures of the mobile device, which can then be used, for example, asan electronic purse, as a debit or credit system, as an accessvalidation device, as a transport ticket, etc.

To emulate the operation of a contactless chip card, the mobiletelecommunication device is equipped with a contactless front-endintegrated circuit (CLF), also called an NFC router. This router isequipped with a radio frequency transceiver front head associated with alow-range antenna to communicate like an electromagnetic transponder.The router uses the capacities of the mobile device processor(s) fordata processing and storage operations. For access control, electronicpurse, payment, and other applications, a secure element enabling toauthenticate the user is used. This secure element is either integratedto the mobile telecommunication device (dedicated integrated circuit,circuit welded to the printed circuit board) or contained in amicrocircuit supported by a subscriber identification module (SIM), orany other removable card, for example in the standard format of a memorycard.

A specificity of such a mobile telecommunication device is that it iscapable of operating in NFC when it is off or, more generally, when itscircuits are not powered by the battery or another power supply elementof the mobile device.

In this case, the NFC router draws the power necessary to its operation,like an electromagnetic transponder, from the field radiated by a nearbyterminal. It then provides the power supply necessary to the securitymodule circuits to validate near-field transactions.

When the device is powered by its battery and its internal circuits areoperating, different security mechanisms may be implemented, forexample, to avoid a hacking of the SIM card. However, when the device isonly powered via the NFC router, such mechanisms may be difficult toimplement. This is a weakness of such a mobile telecommunication device.

SUMMARY

It would be advantageous to overcome all or part of the disadvantages ofmobile telecommunication devices associated with a near-fieldtransmission module.

It would be advantageous to improve the security against a hackingattempt when the device is only powered by its near-field transmissionmodule.

It would be advantageous to provide a solution compatible with usualsubscriber identification modules.

An embodiment provides a telecommunication device comprising:

a battery capable of providing a first power supply voltage to circuitsof the device, among which at least one security module;

a near-field communication module capable of providing a second powersupply voltage to the security module; and

a circuit for activating the provision of the second power supplyvoltage, comprising a switch controllable at least by one elementaccessible from the outside of the device.

According to an embodiment, said switch is a mechanical switch.

According to an embodiment, said switch is an electronic switchcontrolled by at least one signal having its state conditioned at leastby that of said control element.

According to an embodiment, the electronic switch can be actuated bothwhen the device is powered by the first voltage and when it is poweredby the second voltage.

According to an embodiment, said switch is capable of short-circuitingtwo conductors for providing said second power supply voltage.

According to an embodiment, said switch is on in the idle state.

According to an embodiment, said switch is in series with acurrent-to-voltage conversion element, a signal indicative of the stateof the switch being sampled from the junction point of these componentstowards the near-field communication module.

Another embodiment provides a method for controlling a near-fieldcommunication module, wherein a response to a request originating from aterminal having the device in its field is only authorized if the switchis off.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features, and advantages of theembodiments will be discussed in detail in the following non-limitingdescription of specific embodiments in connection with the accompanyingdrawings.

FIG. 1 very schematically shows a mobile telecommunication device of thetype to which the embodiments apply as an example and its surroundingsystem;

FIG. 2 is a block diagram illustrating the power supply of the circuitsinternal to the telecommunication device;

FIG. 3 very schematically shows an embodiment of a circuit for securinga security module;

FIG. 4 very schematically shows an embodiment of a mobiletelecommunication device equipped with the circuit of FIG. 3;

FIG. 5 is a block diagram of a variation of the circuit of FIG. 3; and

FIG. 6 schematically illustrates an example of exchanges between areader, a router, and a security module.

DETAILED DESCRIPTION

The same elements have been designated with the same reference numeralsin the different drawings. For clarity, only those elements and stepswhich are useful to the understanding of the embodiments have been shownand will be described. In particular, the coding and communicationprotocols, be it for near-field transmissions or for telecommunicationsin GSM mode, have not been detailed, the described embodiments beingcompatible with usual protocols. Further, the circuits forming themobile communication device have not been detailed either, the describedembodiments being here again compatible with usual devices.

The embodiments will be described in relation with a cell phone. Theyhowever more generally apply to any telecommunication device adapted toa mobile network (for example, Wifi, Bluetooth, WiMax, etc.) andassociated with a contactless near-field transmission module.

FIG. 1 very schematically shows a mobile telecommunication device 1 (forexample, a cell phone).

Device 1 comprises a central processing unit 12 (CPU/TH) formed of atleast one microprocessor forming the device core. This microprocessor ispresently called a terminal host. For the telecommunication operationover a network (GSM, 3G, UMTS, etc.), this microprocessor usesidentification and authentication data provided by a subscriberidentification module 14 (SIM), forming a security module of the device.Microprocessor 12 is capable of using one or several internal memories(not shown) of the telephone. The different elements of interface withthe user (keyboard, display, speaker, etc.) have not been shown.

The mobile devices to which the described embodiments apply combine thetelecommunication function with that of a near-field contactlesstransmission system. To achieve this, device 1 comprises a circuit 18(CLF) forming a near-field communication module, like an electromagnetictransponder. Module 18 is associated with an antenna 182 distinct froman antenna 20 intended for the mobile telephony network. The near-fieldcommunication module will be called an “NFC router” since it generallyintegrates all the functions useful to the emulation of a contactlesscard within a same circuit, but the described embodiments apply to anyNFC-type module.

The different elements of device 1 communicate according to variousprotocols. For example, circuits 12 and 18 communicate over a link 1218of I2C, SPI, or other type, and SIM card 14 communicates withmicroprocessor 12 over a link 1214 according to ISO standard 7816-3.Router 18 communicates with the SIM card, for example, over asingle-wire bus 1418 (SWP—Single Wire Protocol). Other versions ofprotocols and links are, of course, possible.

As illustrated in FIG. 1, device 1 is capable of communicating over atelecommunication network (for example, GSM) symbolized by a relayantenna 3, for example, with another mobile device 1′. In near field,the CLF router is capable of communicating with a reader 5 (READER), forexample, an NFC terminal or any other contactless communicationterminal.

FIG. 2 is a block diagram illustrating the power supply of the differentcircuits of mobile device 1.

The device generally comprises a battery 16 or a power supply capable ofproviding (generally via a voltage regulator, not shown) a voltage VCCto the different electronic circuits and in particular to NFC router 18,to SIM card 14 (or other security module), to central processing unit12, as well as to the other circuits (not shown) of the device(keyboard, display, etc.). A switch 162 is functionally interposedbetween battery 16 and a power supply rail 164 providing voltage VCC.Switch 162, generally electronic, is controlled under the action of amechanical switch accessible by the user from outside of device 1.

When the mobile device is off (switch 162 open) or when it is in aso-called low-power operating mode (for example, at standby), NFC router18 remains capable of extracting a power supply voltage from a magneticfield (RF FIELD) radiated by a near-field communication reader (notshown in FIG. 2). Router 18 comprises power regulation means (symbolizedby a block 182—REG). Regulator 182 provides a power supply voltage NFCVCC to the different circuits of router 18 as well as, over a link 1814,to SIM card 14. This enables the router to access the security module toobtain authentication or identification elements enabling to validate atransaction with the reader, even when the other device circuits are notpowered.

FIG. 3 schematically shows an embodiment of a circuit 6 for securing theSIM card when the telecommunication device operates in NFC mode. Circuit6 is a circuit for activating the SIM card power supply.

According to this embodiment, link 1814 between router 18 and securitymodule(s) 14 is connected to ground 166 by a switch 62. The function ofthis switch is to pull link 1814 to ground as long as a transaction isnot authorized.

Preferably, and as illustrated in FIG. 3, a resistor 64 is interposedbetween switch 62 and link 1814. Resistor 64 forms a current-to-voltageconverter and the junction point of the resistor and of switch 62 isconnected, by a link 66, to a gate of router 18. The signal present overlink 66 indicates, by its state, the state of switch 62, and thus theauthorization or not of a near-field operation. Router 18 can use thisinformation to enable/disable some of its internal functions. Forexample, the router is only authorized to respond to a request from thereader when this signal is active.

In the idle state, switch 62 is on. This means that, by default, thesecurity module is not powered by router 18, even if the lattergenerates a voltage NFC VCC.

FIG. 4 schematically shows a device 1 equipped with the system of FIG.3.

According to this embodiment, switch 62 is mechanical and can beactuated by a push-button 68 accessible from outside of the device.Accordingly, a near-field transaction is only authorized when the userpresses push-button 68.

FIG. 5 shows another embodiment according to which switch 62 is anelectronic switch. Circuit 6 receives a signal 682 transmitting thestate of push-button 68 and a control signal CT that comes from anotherexternal authorization element when the device is powered by itsbattery. This embodiment enables to take advantage of the protectionfunction (near-field transaction authorization) in all device powersupply modes. For example, signal CT is controlled, when the device isactive (powered by the battery), by an action of the user on a key ofthe keyboard or on an area of a touch screen.

FIG. 6 schematically illustrates an example of exchanges between reader5, router 18, and the SIM card.

When the device enters field RF FIELD of the reader and it is notpowered by its battery, the router detects the presence of the magneticfield (IN RF FIELD). It then transmits a control signal (EVT_FIELD_ON)to card 14 to indicate this event. The reader periodically sendsrequests to the possible routers in its field. When the router receivesa request, if the state of signal 66 indicates an authorization (OK),the router responds (ATQ) to the reader. Otherwise, the router remainsmute (MUTE) as long as such an authorization has not been received.Then, an anti-collision procedure is implemented between the reader andthe router. Then, the router activates the SIM card with a controlsignal EVT_CARD_ACTIVATED. The card and the reader then communicate(EVT_SEND_DATA) via the router.

In its simplified embodiment (with no link 66), the implementation isparticularly simple. It is sufficient to add to the device a switchshort-circuiting by default power supply voltage NFC VCC (connectinglink 1814 to ground) and to provide an actuator 68 accessible fromoutside of the mobile device.

It should be noted that the described embodiments require nomodification of the SIM card.

Various embodiments have been described, various alterations andmodifications will occur to those skilled in the art. For example,switch 62 may be interposed on link 1814 and is then off in the idlestate. However, the embodiment illustrated by FIG. 3 eases theextraction of a state signal towards the NFC router.

Such alterations, modifications, and improvements are intended to bewithin the spirit and scope of the invention. Accordingly, the foregoingdescription is by way of example only and is not intended as limiting.The invention is limited only as defined in the following claims and theequivalents thereto.

What is claimed is:
 1. A telecommunication device, comprising: a batteryinput to receive a first power supply voltage, said first power supplyvoltage arranged for provision to circuits of the telecommunicationdevice, among which at least one security module; a near-fieldcommunication module capable of providing a second power supply voltageto the security module; and a circuit to activate provision of thesecond power supply voltage, the circuit including a switch controllableat least by one element accessible from the outside of thetelecommunication device and a current-to-voltage conversion element inseries with the switch, a signal indicative of a state of the switchsampled by the near-field communication module from a junction point ofthe switch and the current-to-voltage conversion element.
 2. The deviceof claim 1, wherein said switch is a mechanical switch.
 3. The device ofclaim 1, wherein said switch is an electronic switch controlled by atleast one signal having a state said electronic switch conditioned atleast by that of a control element.
 4. The device of claim 3, whereinthe electronic switch can be actuated both when the device is powered bythe first voltage and when the device is powered by the second voltage.5. The device of claim 1, wherein said switch is capable ofshort-circuiting two conductors for providing said second power supplyvoltage.
 6. The device of claim 5, wherein said switch is on in an idlestate.
 7. A method to control a near-field communication module, of aportable device, the portable device including a series configuration ofa switch and a current-to-voltage conversion element, the seriesconfiguration arranged between two voltage potential nodes of thenear-field communication module, comprising: powering the portabledevice with a first power supply voltage derived from a battery;positioning the portable device in an electromagnetic field of aterminal; generating a second power supply voltage from anelectromagnetic signal of the terminal; sensing at the near-fieldcommunication module a signal between the switch and thecurrent-to-voltage conversion element, the signal indicative of a stateof the switch, the state of the switch representative of a user input;based on the user input, permitting or denying access by the near-fieldcommunication module to information in a security module of the portableelectronic device.
 8. The method of claim 7, comprising: removing thefirst power supply voltage.
 9. The method of claim 7, comprising:further conditioning access by the near-field communication module toinformation in the security module of the portable electronic device ona control signal from an external authorization element.
 10. The methodof claim 9, wherein said control signal is derived from a touch screeninput to the portable electronic device.
 11. A portable device,comprising: a security module; a battery input, the battery inputconfigured to pass first power to circuits of the portable deviceincluding the security module; a near-field communication module, thenear-field communication module configured to generate second power froma sensed electromagnetic field, the near-field communication moduleconfigured to pass the second power to the security module; and a seriesconfiguration including a switch and a current-to-voltage conversionelement, a node in the series configuration coupled to the near-fieldcommunication module, the node arranged to pass a signal representativeof a state of the switch, wherein the near-field communication module ispermitted to access information in the security module when the switchhas taken a first state and wherein the near-field communication moduleis not permitted to access information in the security module when theswitch has taken a second state.
 12. The portable device of claim 11,wherein said current-to-voltage conversion element is a resistor. 13.The portable device of claim 11, wherein said portable device is amobile telephone.
 14. The portable device of claim 11, wherein saidswitch is a mechanical switch.
 15. The portable device of claim 11,wherein said switch is an electronic switch, said electronic switchcontrollable via a user input to the portable device.
 16. The portabledevice of claim 11, wherein at least two operations are required inorder to activate said switch.